Subsonic Forum

Hi!

How can I deny access to the settings page for a normal user? So that only the admin account can get into the settings?

fanSte.

I'd try altering the file jetty/[[[BUILD_NUMBER]]]/webapp/WEB-INF/applicationContext-security.xml

and change the line

Code: Select all

/personalSettings.view=ROLE_SETTINGS

to

Code: Select all

/personalSettings.view=ROLE_ADMIN

Can't say for sure that it will solve your problems, but it should be a good point to start!

Or do you wanna remove the Settings icon in the top menu completely for non-admins? Then it's jetty/[[[BUILD_NUMBER]]]/webapp/WEB-INF/jsp/top.jsp

hakko wrote:Or do you wanna remove the Settings icon in the top menu completely for non-admins? Then it's jetty/[[[BUILD_NUMBER]]]/webapp/WEB-INF/jsp/top.jsp

thanks! that worked!

\\edit

I've changed

Code: Select all

<c:if test="${model.user.SettingsRole}">

into

Code: Select all

<c:if test="${model.user.adminRole}">

fanSte wrote:Hi!

How can I deny access to the settings page for a normal user? So that only the admin account can get into the settings?

fanSte.

The Settings for a non-admin user only affect the personal settings for that user and are very limited. They can change their theme if they like and change their password and whatever you allow them to do from what you set up when you added them.

It doesn't give them admin priveledges.

The changes they make only affect the way they see Subsonic displayed to them and is not a security risk.